Everything about security

The smart home system has the function of remote monitoring of what is happening in the home and every few minutes sends pictures of the surveillance cameras to the owner of the house. You successfully intercepted the network traffic of this system, however, its creators took care of the security of their users data and encrypted the pictures. Decrypt the provided image and you will find the flag.

PNG signature is 89 50 4E 47 0D 0A 1A 0A but this one is different. However, if we add png signature’s bytes to our file’s first 8 bytes. We get FF FF FF FF FF FF FF FF. In other words if we subtract each byte of the file from 0xFF, we get the correct png header which means we can decrypt the complete file by subtracting each byte from 0xFF.

Here is the python script I created for this task.

decrypt.py

Python

1

2

3

4

5

6

7

8

9

#!/usr/bin/env python

encrypted=open('secret_encrypted.png','rb')

data=encrypted.read()

encrypted.close()

decrypted=open('secret.png','wb')

decrypted.write(''.join(chr(c)forcin[0xFF-ord(x)forxindata]))

decrypted.close()

Let’s run it and get our secret.png file.

1

2

3

$python decrypt.py

$file secret.png

secret.png:PNG image data,1310x321,8-bit/color RGB,non-interlaced

Here is the decrypted image.

Umut Barış Öztunç

Security researcher who participates in Capture The Flag events, also the founder of BreakPoint CTF team.